be0485f7e1361eb7896521414bef739c4f122d2e5214a4305c02135e24f28b14

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v2.01.5/Monaco/package/dev/vs/basic-languages/less/less.js
Size

7KB
MD5

31640224f6a45babe561bc6b67a59513
SHA1

496027921cc0b8ac9838f906e10b1130a70bc2cb
SHA256

f0a440838172fd83f5ae32a3711f21757ab6a16e839bbbc56ca868afc7fd7b06
SHA512

0d4ec75e9b8780d90abd7ea97c5164d43fd725724e9a891522f81e1076397f8ff563c2be65ad2521235e48e49a375bb59974eeed653f70d2d6426b0b9ea382cc
SSDEEP

96:HDGkK8NPEVSRasESljeQzlAd+OgUOgeovh+d0YXJzei0:r9FEGdES8Xd+lUO0

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1656	firefox.exe
Token: SeDebugPrivilege	1656	firefox.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe
1656	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 3388 wrote to memory of 1656	3388	firefox.exe	91
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 2504	1656	firefox.exe	92
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93
PID 1656 wrote to memory of 1236	1656	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\v2.01.5\Monaco\package\dev\vs\basic-languages\less\less.js
1⤵
PID:392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b45cfe6-8006-45e8-ab73-5955a6459633} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" gpu
    3⤵
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eeb6c455-33cc-4e93-a6bd-c674d6ca3809} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" socket
    3⤵
    - Checks processor information in registry
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3092 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98de2dda-a5bd-4e60-bbd2-e5c3433b7a1c} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3896 -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76546512-5179-4aaf-80b8-e52d17bbbbb1} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4808 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64cbda76-7f66-4934-bac5-4a21458351c2} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" utility
    3⤵
    - Checks processor information in registry
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5228 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fe78a00-7036-4f79-97e2-0fbdf3f40147} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:4784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fea83da-3416-4d13-ae81-9abdb8d1389c} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5596 -prefMapHandle 5540 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04a16db-1214-47a1-9c2f-90282b2b7e66} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6124 -prefMapHandle 6120 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be5f30c-181b-4921-8ed5-7b76f44aa2f7} 1656 "\\.\pipe\gecko-crash-server-pipe.1656" tab
    3⤵
    PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\62C514A3D9BDF3FCB31C6A5B8A4FF2FC8BEF667E

Filesize
221KB

MD5
91d11785b52c1709cac71180ea18595a

SHA1
f1d5ff5a2e68f9852054f36a80d821da165cf585

SHA256
6b8d5ce94b41e59a1573edde57a4c41e85203c6c1024db2676c22da6faf51cd3

SHA512
828c247b2c0d85c2afc8f56a154fd1f70a4090358620b5160cba280c033a1b7c941f2e33f19b67797f9e234fd3ecb27e329240e6409191f8e1845815426a9069

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\9E153E43FBA49EDB7D2FF3F00D771FC734829899

Filesize
61KB

MD5
e02225bffacde778925a06d7d3488954

SHA1
6c62bd26b30b35b16d002ab81843925cd45700d8

SHA256
239cb9cb44014399c03b4197e4395708f79bde974e46887032c910e8530b4ad7

SHA512
6ee05e2c8c5b75bdfbb3d8eb1a94a2fce7363ca153fb5a15c90f77bba1d75d6eccaff2c4391b888b05222ff9b3eceb0fedeb1910872fb37cc9b97bbfeecd686d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
8KB

MD5
b94daffa183ba60c89864d7d798b803a

SHA1
c8d6f41b69cf1edc803b690739b0d7c3ea781a75

SHA256
905f34db6119c6103f6ab3f2d9a196eae11301902f2feb4508340c0a7355cf54

SHA512
ecaa10cf3b46c4b1f52d283783c049a330b2c4d6618fc3e94073f648cece4a224242e4fc4fb717d3b69c550a505cda4d4dedb8d46fc480f927340222397bdf2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
12KB

MD5
951974c3292525e8ad085f4a2fe53608

SHA1
36eb37fa23f95f401822f9a7fed96f3695018744

SHA256
6dbbf28fcbfc4ab90fe219c7fce1be408195ec1d841dc08546d66f7cadd93079

SHA512
fdc72895bebc06ca28063ed08fc6b41f40f607478635bcaa0104e02f0b73115f63eee2da715df55f3b7e127fcdf69a67ffad02a2f4bff283ee7e646fbf9fb747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
eea1135da9273b7b1d226e8db3be89a7

SHA1
97e1495e4f70b52620f6329af1c49902f92e4986

SHA256
06a07ff5f48e357d9e1bf73c20929353c69e3754d8e5156b28b56b9a085f848d

SHA512
e8b0f7619c65ccd8406c1ca7f13d65a1dc752e3e5d755528e2be45a58dd9b6ef55d1f2e0527cdad79ce1ce0d3c4407d3c2b678ca5066ca49fbe79d259c25f7f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
32bab228235301cc5415776d3c8a3827

SHA1
15e7dcbd70db174e9e37b9ecad90b223cd75102f

SHA256
4223f7d384d743cc20eef5973fec5403b7bef306005552dce250be85d7eedfcf

SHA512
813f1ef482a6d180cd2fdf3fc8428bfde1393edfe2f79c6791125ec1e020a730bc228b42e1313c288d432ccb3ddb75999260279e0a00603a928f87b30e37d56a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
21dd899d2894478c8ed90091b5819fa0

SHA1
cfc235e1cd41e493610d5733f0ea4b930586a358

SHA256
c1fc737b9b2452eb6b39980525379a4b418df5779a308b4bb7dc049294738e67

SHA512
0cfc42e9e11b985f6e170ca49f85f86f09a11277b5a20a6429fc3b2551226090e3a7f29e720e31c81f87815c026996927b46ea7138ebc27bf94e57535b61443d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\154f1c00-12d4-4933-8d3f-4098dbc56010

Filesize
4KB

MD5
e7d12c91958f79795e6ef88e5bc11459

SHA1
dee1f2c0ee7d3a1dade15509e556098fccdfc8df

SHA256
74064a95001e706690e95db462509229861fa4b02cdee0354903f7e8d47a4aa0

SHA512
f26d32c51d3d3538f66e6aba3cc6a31c9b58a7db701c220fe443fbdfa9ecb301b7099af4e3d1a873968fa15e658cc4922b42be74d5fd5dd3d4c3e74fbf29e2df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\5ca79fcf-7f4b-410d-83b7-d021ddcfaf46

Filesize
28KB

MD5
e0c119cd7efa446cde2241e9dca67827

SHA1
6ee7eccdcdf29a16788e71ffc53ddf00f8a39f0b

SHA256
3ce285e994a8e148dcd05ba1efecf485e5f3c361104aa746b145e6935599d8c9

SHA512
9ed1c350d7c408d96711dd96dad625b89c5c3b099cb0ac4db17296b0afa4041549d42154aa0a89cb246df8fd668220629a0f445216f214300386482e736423fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\c1a1a505-1933-41c7-9770-c8be01ab87f9

Filesize
671B

MD5
5f35e31dea37b002026f968fc26ab210

SHA1
a246ee935f0bb6c7f2a0dc621541812d0f883822

SHA256
72ad43b6fd89e8aedc04500b3aa955da401de101bb2b2a26b966cdd4924104db

SHA512
ae2d95508bb0d7a4d161f87bb402ba552608e1ea0d9f6d26033328c5ea374abb557f602dd4482b260b7dfe766ee02d127ad49d2dadd95d6add017acc1ce43819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\c3ff2933-cdd9-460c-b549-17e412a1e970

Filesize
982B

MD5
d4232373f52170d031d5df8d4d5bc680

SHA1
3c65b8ac2e21c2d2ee50fd643c77751aede5367c

SHA256
176f2255259f7d99af90f35d877e01e2baf72e3face752d898c22b94d5976bdd

SHA512
3b8a2235019ddb906bf6ba892f4c121702dc554abeb3ead07d48bfb570b187225b03b82322bab1cd0a18feeb8dd16a49c0c591920bc462a515b3118ef075edba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
931c0f0f3e373a26d9a4e58c2a32ee6c

SHA1
b0c744d3cf6a688c0034ce36546f7468f8503f89

SHA256
cd1a1e591a4002ea3e99b8f4e9ae0515bd56d8e9a8f889691b41a546690ccec6

SHA512
fcba070fcc5a1f14f0ededb6066452e0ab1b6255412bc8a7efcd3ad6f3273c49d7dd33ff6994e57b55138a4a2a2e6413c254351242b5bd96dec5289ff59708c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
68746f4a5a4862949c3de35fa45819bb

SHA1
78486f14574046eb8f7cf24dc541f65813cb131b

SHA256
5005a25ec530b0a6136b5c21bf0b141137faa3ba2ca8cff4f85ecbfa8267f4cd

SHA512
9a9f298acc9e34fa8871f1552d9738d3dbccbad0adac90029147f09f196e085bdc12b05d1e7d1942389e9877b0147d2ca9177117c5840e0d9a28fdedbae20915

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
12KB

MD5
8294c6900dc800e513bcd9626c72b992

SHA1
0eaf9cb5d1a1607397241528ccf56b27c0bc2cb7

SHA256
b7afafb1938b166930d95fe572458b078d6e9b141483f284c93a6a4368634acb

SHA512
b52c35dbe45d6cca678a6e3c085123b23c4b7910def4d1183143cf725bf8521ca5f7fc1ad52a43edd54a41bdd457c976a2a4c3ab22e4e0380c1dc52dea387baa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
45b4d4f7f6134d2583bdbed0cae04b01

SHA1
737517358e18dc8a822622c9fb30155a9b23fdeb

SHA256
292ae09aebd481682dd21a15c4bd89f3f264b8c28c8e82544f91e374c647060b

SHA512
68212d4ed5b471dc542dd4ec2c42036c9c7683143d49d79d5b76f6ce15057cbf7ecb07800ac9359c979fff3a3cafab915be8b64d132c390f6abcb7e91dba6ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
10KB

MD5
000c8b13e214f6efe1388667b40725a0

SHA1
ea69914cf47339c27cf309e84b19ce18bf6b5e4a

SHA256
b5565220af2c423fac4a9cdd9a6101435478de56df4544aefb0dbb649288a720

SHA512
3edf31f07255e3b5fac71898e04086b4ad920e742b129317772a9859be944337ab6e36f29a307e662c3f0f0ebe51eda45554b9924915e71f7544acb9caac3ec1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
59eda1f24864a75f38181e26eb7f69ba

SHA1
14ad0dc3b31e835506777f5ed442b247dfba0053

SHA256
47d3a13c15a2631f58a001717dd83fc56859502a2b82fec22e3c4552078bed1f

SHA512
97784b06978e6ea011cb91b33fb0307c51fc49672496bd918355760d8415de3ee36aef76f228bd6e1d23d20fa819760f7cd88db84d38980c41ee901c90f190e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
4f47876d0c35571516c0b1d97cde515e

SHA1
831db441fa9a0bff60b3c832d766927de52b8bb7

SHA256
3ac7582b38733b1c9ce0993aa7b56bf31c6d54ee8610b7f9d1aa433952837bf3

SHA512
a88171d02cd4b154bee1366d100a72c1de04b2a791ef4e174c5858993f6e59f2389818250ccfeaf33fbcd0318737e82dae16e4423abc0de76383024c0fda2724

Download Submit